Our Excellent Opportunity!!
The Senior Manager - Security Risk & Compliance is responsible for ensuring that the company's processes and systems are monitored and evaluated to meet compliance requirements. Some of the responsibilities include:
• Regulatory Intelligence - Monitor and analyse regulatory policies, notifications, and guidelines.
• Compliance - Developing and implementing policies and procedures that ensure compliance with regulatory and ethical standards.
• Risk management - Identifying and mitigating compliance risks and supporting annual risk assessments.
• Advisory - Providing guidance to business teams on regulatory compliance.
• Audits - Conducting compliance reviews and audits and performing due diligence screening on third-party engagements.
• Decision-making - Overseeing key decision points to ensure appropriate decisions are made.
• Program management - Working internally with key stakeholders to drive the compliance program, covering impact assessment of regulatory requirements and identification of risks.
Security Compliance landscape
The security landscape is dynamically evolving from a regulatory perspective. Since security is a cross-cutting issue, India has a complex inter-ministerial and inter-departmental institutional framework, with several ministries, departments and agencies performing key functions.
India's cyber security compliance requirements include:
• Communication Security Certification Scheme (ComSec), notified in 2020, follows Indian Telecom Security Assurance Requirements (ITSAR) and mandates testing in designated Telecom Security Test Labs (TSTL) accredited by the National Centre for Communication Security (NCCS).
• Telecom Cybersecurity Rules 2024 - These rules expand the scope of data collection, increase the responsibilities of telecom entities, and introduce new roles and reporting requirements. They also emphasize a proactive approach to cybersecurity, with a focus on continuous monitoring, rapid response, and coordination between the government and telecom entities.
• Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (2013 rules), established the Computer Emergency Response Team (CERT-In) and put in place obligations on intermediaries and service providers to report cybersecurity incidents to the CERT-In.
• Directions on information security practices, procedure, prevention, response and reporting of cyber incidents for a safe and trusted internet, issued in 2022 by the CERT-In, add to and modify existing cybersecurity incident reporting obligations under the 2013 rules.
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI rules) require companies that process, collect, store or transfer sensitive personal data or information to implement reasonable security practices and procedures.
• The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, require intermediaries to implement reasonable security practices and procedures to secure their computer resources and information, maintaining safe harbour protections. Intermediaries are also mandated to report cybersecurity incidents to the CERT-In.
• Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018, oblige companies that have protected systems – as defined under the IT Act – to put in place specific information security measures.
• Data localization - Mandatory data localization is a key provision of the 2024 Cyber Security Regulations in India.
• Incident reporting and response - All entities are required to report cybersecurity incidents to the Computer Emergency Response Team (CERT-In) within six hours of becoming aware of them.
• Cyber security audits and compliance - Cyber security audits and compliance are key provisions of the 2024 Cyber Security Regulations in India.
• National Critical Information Infrastructure Protection Centre (NCIIPC) - The NCIIPC was launched by the Indian government in 2014 and is under the Prime Minister's Office (PMO).
Why join Ericsson?
At Ericsson, you'll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what's possible. To build solutions never seen before to some of the world's toughest problems. You'll be challenged, but you won't be alone. You'll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
What happens once you apply?
Click Here to find all you need to know about what our typical hiring process looks like.
Encouraging a diverse and inclusive organization is core to our values at Ericsson; that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer.
Ericsson is proud to be an Equal Opportunity and Affirmative Action employer. We are committed to providing reasonable accommodations to all individuals participating in the application and interview process. If you need assistance or to request an accommodation due to a disability, please contact us.
We are proud to announce that Ericsson India is ranked 19th among the Top 50 companies in the country and is once again officially Great Place to Work Certified™ in 2024. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture. This Certification acknowledges that our employees value their employee experience and our workplace culture.